Public and private actors are aligning largely into two camps in respect to the controversy generated after recent press and whistle-blower reports on mass surveillance and secret data mining. This alignment by no means is transparent, and many will be surprised to see that there are both liberal ("progressive") and conservative voices that don´t see "what the fuss is about." It is … Continue reading We are Persons and Citizens

  The following notes address current initiatives for the creation of an identity “assurance market”. This has been a permanent area of interest in the public and private sectors for years, but a complete solution has not been found to date. The text below discusses the problems arising from the trusted third party or hub … Continue reading Identity Assurance Services

The Cloud is many things and it is particularly one thing for those who approach it with the eyes of the computer revolution of the 20th Century: the Cloud phenomenon appears as an ever more slick incarnation of the out-sized computer, sitting somewhere remote and isolated, capable of everything, ever-present. To the hammer, everything looks … Continue reading IAMaaS is not SaaS

As I mentioned in a previous post, I attended the 13th CISO Roundtable in Zeist on December 14th. The participants—all senior Security and Risk management leaders—engaged in a lively discussion. Floris van den Dool, the Accenture EALA Security Lead, managed to deliver yet another successful gathering focused on Security Management. The subject of the meeting, “The Future … Continue reading Eclosion: The Future of Identity Management

I spoke at 13th CISO Roundtable in Zeist, Netherlands on December 14th, 2010. This event had the participation of CISOs from Europe and the theme of the gathering was "The Future of Identity Management." How do you address such a challenging subject making sense of the fast changing landscape of Security and Identity and Access Management? I … Continue reading Thinking of the Future: Identity and Access Management

If you remain alert to the trends and changes of the information technology markets, there are moments when you feel that history repeats itself. This has been the case for the past 2-3 years with the raise of so-called Cloud Computing. It is evident that the combination of virtualisation, hosting, web services, new security protocols, … Continue reading Required: Varieties of Identity to Deliver the Value of Cloud Computing

In techno-centric environments it is not rare to find a strong emphasis on "people, process and technology". These are three aspects consistently covered by presentations, papers, books, proposals and reference materials. This kind of emphasis is shared by the major consulting firms and market research organisations like Gartner and Forrester. It is important to remark that this … Continue reading I&AM: More than People, Process and Technology

The I&AM Reference Architecture must be based on the idea of the "Circle of Trust". I take this notion from a paper published by John Arnold in 2006. In this context, "security" is interpreted as the definition, the establishment, the enforcement and the verification of trust. The I&AM domain is conceived in terms of "establishment … Continue reading I&AM in the “Circle of Trust”

At the core of the I&AM domain we find the architectural principles of Identity Data Management and Identity Data Ownership.  Contrary to appearances and technological trends, I&AM is essentially data management and its correct understanding will lead to the application of both industry and enterprise standards in the sphere of information management. I&AM must be … Continue reading I&AM beyond the “standard approach”

Many times in my career I have been asked "What is Identity and Access Management and how does it work?" Even Security professionals feel unsure about the scope and nature of our discipline. Identity and Access Management --I always say-- is above everything else, a security discipline, but it would be a misunderstanding to interpret … Continue reading I&AM and Organizational Transformation